问题描述
升级到 macOS Ventura 后,无法使用 SSH 命令登入服务器,开启日志后,可能会看到 no matching host key type found 的报错信息。
如果是使用了基于 SSH 协议的相关指令,也会发生错误。比如使用 git clone 、git pull 等去同步基于 SSH 地址的 git 仓库代码时,会提示 Permission denied (publickey) 。
定位问题
经过查证,macOS Ventura 内置使用了 OpenSSH_9.0p1,根据 OpenSSH 发行说明 可以得知,从 OpenSSH 8.8/8.8p1 版本开始,就默认关闭了 ssh-rsa 算法。那么 macOS Ventura 内置使用的 OpenSSH_9.0p1 也是默认关闭了 ssh-rsa 算法。
原文内容如下:
OpenSSH 8.8/8.8p1 (2021-09-26)
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
OpenSSH 8.7/8.7p1 (2021-08-20)
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
一、配置用户名和邮箱
git config --global user.name "moxun"
git config --global user.email "[email protected]"
1、通过ed25519方式加密,(针对rsa加密方式有时会出现密钥无效的情况)
ssh-keygen -t ed25519 -C "[email protected]"
ssh-keygen -t ed25519 -C "[email protected]"
(如果要用rsa加密,就是这个命令: ssh-keygen -t rsa -C "[email protected]")
ssh-keygen -t rsa -C "[email protected]"
按三次回车enter键即可生成,这里一般不需要添加名称和密码
通过命令行查看ed25519公钥
cat ~/.ssh/id_ed25519.pub
(查看ssh公钥):
cat ~/.ssh/id_rsa.pub
四、添加ssh密钥到git仓库
五、提交代码时遇到报错
remote: Processing changes: refs: 1
remote: Processing changes: refs: 1, done
remote: ERROR: commit c2a1aa2: missing Change-Id in message footer
remote:
remote: Hint: to automatically insert a Change-Id, install the hook:
remote: gitdir=$(git rev-parse --git-dir); scp -p -P 29418 ****@192.168.**.**:hooks/commit-msg ${gitdir}/hooks/
remote: and then amend the commit:
remote: git commit --amend --no-edit
remote:
error: failed to push some refs to 'ssh://[email protected].**.**:29418/**/**/**.git'
此时按提示有命令行输入
gitdir=$(git rev-parse --git-dir); scp -p -P 29418 ****@192.168.**.**:hooks/commit-msg ${gitdir}/hooks/
gitdir=$(git rev-parse --git-dir); scp -p -P 29418 ****@192.168.**.**:hooks/commit-msg ${gitdir}/hooks/
但还是会报错,因为有的电脑系统用的命令行不同,如果报错了就用下面的命令,小写的-p换成-O:
gitdir=$(git rev-parse --git-dir); scp -O -P 29418 ****@192.168.**.**:hooks/commit-msg ${gitdir}/hooks/
gitdir=$(git rev-parse --git-dir); scp -O -P 29418 ****@192.168.**.**:hooks/commit-msg ${gitdir}/hooks/
下一步:
git commit --amend --no-edit
git commit --amend --no-edit
然后再pull一下代码就可以了。